From: relpats_eht <rel...@us...> - 2005-07-06 18:32:22
Update of /cvsroot/bboard/birdboard In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv28189 Modified Files: mod.php post.php read.php usercp.php Log Message: fixed all the slash problems and such Index: usercp.php =================================================================== RCS file: /cvsroot/bboard/birdboard/usercp.php,v retrieving revision 1.16 retrieving revision 1.17 diff -C2 -d -r1.16 -r1.17 *** usercp.php 2 Jul 2005 01:31:43 -0000 1.16 --- usercp.php 6 Jul 2005 18:32:13 -0000 1.17 *************** *** 87,94 **** $query = $SQL->query("SELECT `signature` FROM `".$database['prefix']."users` WHERE `id` = '".$user->getData('id')."'"); $signature = $SQL->fetch_array($query); ! $signature['current'] = stripslashes($signature['signature']); $signature['current'] = parse_breaks($signature['current']); $signature['current'] = parse_bbcode($signature['current']); ! $signature['value'] = stripslashes($signature['signature']); eval("\$cpinclude = \"".$template->templates['40']."\";"); eval("\$include = \"".$template->templates['37']."\";"); --- 87,100 ---- $query = $SQL->query("SELECT `signature` FROM `".$database['prefix']."users` WHERE `id` = '".$user->getData('id')."'"); $signature = $SQL->fetch_array($query); ! $signature['signature'] = addslashes($signature['signature']); ! if($user->getData('censor') == 1){ ! $signature['signature'] = censor($signature['signature']); ! } ! $signature['current'] = addslashes(addslashes($signature['signature'])); $signature['current'] = parse_breaks($signature['current']); $signature['current'] = parse_bbcode($signature['current']); ! $signature['current'] = stripslashes(stripslashes($signature['current'])); ! ! 
$signature['value'] = $signature['signature']; eval("\$cpinclude = \"".$template->templates['40']."\";"); eval("\$include = \"".$template->templates['37']."\";"); Index: mod.php =================================================================== RCS file: /cvsroot/bboard/birdboard/mod.php,v retrieving revision 1.13 retrieving revision 1.14 diff -C2 -d -r1.13 -r1.14 *** mod.php 17 Jun 2005 01:01:07 -0000 1.13 --- mod.php 6 Jul 2005 18:32:13 -0000 1.14 *************** *** 30,33 **** --- 30,36 ---- //# Is there a preview? if(isset($_POST['preview'])){ + $_POST['title'] = addslashes(addslashes($_POST['title'])); + $_POST = prepValue($_POST); + //grabbing the post icon $grabicon = $SQL->query("SELECT * FROM `".$database['prefix']."posticons` WHERE `id` = '".prepValue($_POST['icon'])."'"); *************** *** 35,44 **** //building preview ! $post['title'] = prepValue($_POST['title']); ! $message = prepValue($_POST['message']); //censoring bad words if needed if($user->getData('censor') == 1){ $message = censor($message); } //replacing newlines and tabs with html friendly characters $message = parse_breaks($message); --- 38,59 ---- //building preview ! $post['title'] = $_POST['title']; ! $message = addslashes(addslashes($_POST['message'])); ! 
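Review bot: In the usercp.php hunk, `$signature['value']` is now copied from `$signature['signature']` after `addslashes()` and, for users with the censor option, after `censor()`, so the value handed to template 40 is slash-escaped and possibly censored but not HTML-encoded. If that value repopulates the signature edit field (inferred from its name; the template is not shown), saving the form would store the censored text, and a quote or angle bracket in a signature would reach the page as markup. I would take the field value before the `censor()` call and encode it for HTML, e.g. `$signature['value'] = htmlspecialchars($signature['signature'], ENT_QUOTES);`. A comment stating how many slash layers templates 40 and 37 expect would also help, since the three `addslashes()` and two `stripslashes()` calls on `$signature['current']` only balance by count.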
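Review bot: The icon lookup at the top of the mod.php preview branch now prepares its input twice: `$_POST = prepValue($_POST);` rewrites the whole superglobal, and the query on the following line still calls `prepValue($_POST['icon'])`. prepValue() is not visible here, so whether a second pass is harmless cannot be confirmed, and overwriting `$_POST` in place means every later reader receives data escaped for one context only (the title has additionally been through two `addslashes()` calls first). Since `id` looks like a numeric key, an integer cast is a tighter guard: `$iconid = (int)$_POST['icon'];`, with `$iconid` used in the WHERE clause. The same `$_POST = prepValue($_POST);` line is added in the first post.php hunk.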
//censoring bad words if needed if($user->getData('censor') == 1){ $message = censor($message); } + + //parsing emoticons in post + $grabemoticons = $SQL->query("SELECT `id`,`emoticon`,`image` FROM `".$database['prefix']."emoticons`"); + while($grab = $SQL->fetch_array($grabemoticons)){ + $emoticons[$grab['id']] = $grab['emoticon']; + $emoticonimages[$grab['id']] = "<img src=\"$config[emoticonpath]$grab[image]\" alt=\"$grab[emoticon]\" />"; + } + if($_POST['disableemoticons'] == 0){ + $message = parse_emoticons($message, $emoticons, $emoticonimages, $config['emoticonsperpost']); + } + //replacing newlines and tabs with html friendly characters $message = parse_breaks($message); *************** *** 46,70 **** $message = parse_bbcode($message); //parsing backslash replacments ! $message = str_replace("/me","<font color='#DD0000'>".$post['username']."</font>",$message); ! $message = str_replace("/maim","<font color='#DD0000'>".$post['aim']."</font>",$message); ! $message = str_replace("/mmsn","<font color='#DD0000'>".$post['msn']."</font>",$message); ! $message = str_replace("/micq","<font color='#DD0000'>".$post['icq']."</font>",$message); ! 
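Review bot: The emoticon block moved into the mod.php preview path hands `$emoticons` and `$emoticonimages` to parse_emoticons() without initialising them, so an empty emoticons table leaves both undefined, and `$_POST['disableemoticons'] == 0` is also true when the field is absent from the request. Start the block with `$emoticons = array(); $emoticonimages = array();` and test `empty($_POST['disableemoticons'])` instead. The `<img>` string also interpolates `$grab[image]` and `$grab[emoticon]` into attributes unencoded; wrapping them in `htmlspecialchars(..., ENT_QUOTES)` keeps a stray quote in that table from closing the attribute. The identical block is added in the post.php hunk at new lines 39-60.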
$message = str_replace("/myim","<font color='#DD0000'>".$post['yim']."</font>",$message); $message = str_replace("/you","<font color='#007700'>".$user->getData('username')."</font>",$message); $message = str_replace("/ygroup","<font color='#007700'>".$user->getData('name')."</font>",$message); $message = str_replace("/ybday","<font color='#007700'>".$user->getData('bday').".".$user->getData('bmonth').".".$user->getData('byear')."</font>",$message); //autoparsing urls in post if($_POST['parseurls'] == 1){ $message = parse_urls($message); } - //parsing emoticons in post - $grabemoticons = $SQL->query("SELECT `id`,`emoticon`,`image` FROM `".$database['prefix']."emoticons`"); - while($grab = $SQL->fetch_array($grabemoticons)){ - $emoticons[$grab['id']] = $grab['emoticon']; - $emoticonimages[$grab['id']] = "<img src=\"$config[emoticonpath]$grab[image]\" alt=\"$grab[emoticon]\" />"; - } - if($_POST['disableemoticons'] == 0){ - $message = str_replace($emoticons, $emoticonimages, $message); - } //setting the actual preview --- 61,77 ---- $message = parse_bbcode($message); //parsing backslash replacments ! $message = str_replace("/me","<font color='#DD0000'>".$user->getData('username')."</font>",$message); ! $message = str_replace("/maim","<font color='#DD0000'>".$user->getData('aim')."</font>",$message); ! $message = str_replace("/mmsn","<font color='#DD0000'>".$user->getData('msn')."</font>",$message); ! $message = str_replace("/micq","<font color='#DD0000'>".$user->getData('icq')."</font>",$message); ! 
$message = str_replace("/myim","<font color='#DD0000'>".$user->getData('yim')."</font>",$message); $message = str_replace("/you","<font color='#007700'>".$user->getData('username')."</font>",$message); $message = str_replace("/ygroup","<font color='#007700'>".$user->getData('name')."</font>",$message); $message = str_replace("/ybday","<font color='#007700'>".$user->getData('bday').".".$user->getData('bmonth').".".$user->getData('byear')."</font>",$message); + //autoparsing urls in post if($_POST['parseurls'] == 1){ $message = parse_urls($message); } //setting the actual preview *************** *** 75,87 **** eval("\$preview = \"".$template->cleanTemplate('23') . addslashes($message)."\";"); } else { ! $preview = addslashes($message); } ! eval("\$post['preview'] = \"".$template->templates['34']."\";"); ! $post['preview'] = stripslashes($post['preview']); //prepping everything to go back to the form $a = "editpostform"; $titlenew = $_POST['title']; ! $messagenew = $_POST['message']; ! $descriptionnew = $_POST['description']; $preview = 1; } --- 82,95 ---- eval("\$preview = \"".$template->cleanTemplate('23') . addslashes($message)."\";"); } else { ! $preview = $message; } ! eval("\$previewdata = \"".$template->templates['34']."\";"); ! $previewdata = stripslashes($previewdata); ! //prepping everything to go back to the form $a = "editpostform"; $titlenew = $_POST['title']; ! $messagenew = addslashes($_POST['message']); ! 
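Review bot: The slash replacements in the mod.php hunk at new lines 61-77 concatenate profile fields straight into markup, e.g. `"<font color='#DD0000'>".$user->getData('aim')."</font>"`, and they run after parse_bbcode(), so nothing later in the visible code encodes them. Unless getData() already returns HTML-encoded values (not shown), each field should be encoded where it is inserted: `htmlspecialchars($user->getData('aim'), ENT_QUOTES)`, and likewise for username, msn, icq, yim, name and the birthday parts. It is also worth confirming that `/me` and `/you` are both meant to resolve to the logged-in user, who on the edit form may not be the post's author. The same replacements are added in the post.php hunk at new lines 62-79.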
$descriptionnew = addslashes($_POST['description']); $preview = 1; } *************** *** 93,96 **** --- 101,107 ---- $postquery = $SQL->query("SELECT p.*, t.fid, t.title AS topictitle, t.description, t.iconid AS posticon, t.locked FROM `".$database['prefix']."posts` AS p RIGHT JOIN `".$database['prefix']."topics` AS t ON(p.tid = t.id) WHERE p.id = '$pid'"); $post = $SQL->fetch_array($postquery); + $post['preview'] = $previewdata; + $post['message'] = addslashes(addslashes($post['message'])); + $post['title'] = addslashes(addslashes($post['title'])); //# Some forum vars *************** *** 119,123 **** if ($preview == 1) { ! $post['title'] = $titlenew; $post['message'] = $messagenew; $post['description'] = $descriptionnew; --- 130,134 ---- if ($preview == 1) { ! $post['title'] = stripslashes($titlenew); $post['message'] = $messagenew; $post['description'] = $descriptionnew; *************** *** 174,190 **** } - if ($preview == 1) { - if(($post['title'] != "") || ($_POST['icon'] != "")){ - if($_POST['icon'] != ""){ - $post['icon'] = "<img src=\"$config[posticonpath]$previcon[value]\" alt=\"\" />"; - } - eval("\$preview = \"".$template->cleanTemplate('23') . 
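Review bot: The preview eval kept on the new side of the mod.php hunk at lines 82-95, `eval("\$preview = \"".$template->cleanTemplate('23') . addslashes($message)."\";");`, still places user-supplied message text inside the PHP string being evaluated. addslashes() escapes quotes and backslashes but not `$` or `{`, so PHP's string interpolation still applies to whatever the user typed; the slash-count changes in this commit do not alter that. Evaluate only the trusted template and append the message as data: `eval("\$preview = \"".$template->cleanTemplate('23')."\";");` followed by `$preview .= $message;`, then re-check the `stripslashes()` count applied to `$previewdata`, because this removes one unescape pass. The same pattern is on the new side of the post.php hunk at lines 251-255 (`eval("\$prevposts = \"".addslashes($prevposts)."\";");`) and the last read.php hunk (`eval("\$posts = \"$posts\";");`).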
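Review bot: `$post['preview'] = $previewdata;` in the mod.php hunk at new lines 101-107 runs on every request that reaches this query, but `$previewdata` is only assigned inside the `if(isset($_POST['preview']))` branch earlier in the file. On a non-preview request it is undefined, and on a server with register_globals enabled a request parameter of that name would be copied into the page; the `$preview == 1` test in the following hunk has the same dependency, unless both are initialised outside the lines shown. Initialise them before the branch, e.g. `$previewdata = ''; $preview = 0;`, or guard the assignment with `isset($previewdata) ? $previewdata : ''`.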
addslashes($message)."\";"); - } else { - $preview = $message; - } - eval("\$post['preview'] = \"".$template->templates['34']."\";"); - $post['preview'] = stripslashes($post['preview']); - } - $checkisfirstpost = $SQL->query("SELECT `id` FROM `".$database['prefix']."posts` WHERE `tid` = '".$post['tid']."' ORDER BY `dateline` ASC LIMIT 1"); $firstpost = $SQL->fetch_array($checkisfirstpost); --- 185,188 ---- *************** *** 194,197 **** --- 192,196 ---- eval("\$include = \"".$template->templates['63']."\";"); } + $include = stripslashes($include); //# Updating active table Index: post.php =================================================================== RCS file: /cvsroot/bboard/birdboard/post.php,v retrieving revision 1.13 retrieving revision 1.14 diff -C2 -d -r1.13 -r1.14 *** post.php 29 Jun 2005 18:51:16 -0000 1.13 --- post.php 6 Jul 2005 18:32:13 -0000 1.14 *************** *** 33,36 **** --- 33,37 ---- //# Is there a preview? if(isset($_POST['preview'])){ + $_POST = prepValue($_POST); //grabbing the post icon $grabicon = $SQL->query("SELECT * FROM `".$database['prefix']."posticons` WHERE `id` = '".prepValue($_POST['icon'])."'"); *************** *** 38,47 **** //building the preview ! $post['title'] = prepValue(addslashes($_POST['title'])); ! $message = prepValue(addslashes($_POST['message'])); //censoring bad words if needed if($user->getData('censor') == 1){ $message = censor($message); } //replacing newlines and tabs with html friendly characters $message = parse_breaks($message); --- 39,60 ---- //building the preview ! $post['title'] = addslashes(addslashes($_POST['title'])); ! $message = addslashes(addslashes($_POST['message'])); ! 
//censoring bad words if needed if($user->getData('censor') == 1){ $message = censor($message); } + + //parsing emoticons in post + $grabemoticons = $SQL->query("SELECT `id`,`emoticon`,`image` FROM `".$database['prefix']."emoticons`"); + while($grab = $SQL->fetch_array($grabemoticons)){ + $emoticons[$grab['id']] = $grab['emoticon']; + $emoticonimages[$grab['id']] = "<img src=\"$config[emoticonpath]$grab[image]\" alt=\"$grab[emoticon]\" />"; + } + if($_POST['disableemoticons'] == 0){ + $message = parse_emoticons($message, $emoticons, $emoticonimages, $config['emoticonsperpost']); + } + //replacing newlines and tabs with html friendly characters $message = parse_breaks($message); *************** *** 49,73 **** $message = parse_bbcode($message); //parsing backslash replacments ! $message = str_replace("/me","<font color='#DD0000'>".$post['username']."</font>",$message); ! $message = str_replace("/maim","<font color='#DD0000'>".$post['aim']."</font>",$message); ! $message = str_replace("/mmsn","<font color='#DD0000'>".$post['msn']."</font>",$message); ! $message = str_replace("/micq","<font color='#DD0000'>".$post['icq']."</font>",$message); ! $message = str_replace("/myim","<font color='#DD0000'>".$post['yim']."</font>",$message); $message = str_replace("/you","<font color='#007700'>".$user->getData('username')."</font>",$message); $message = str_replace("/ygroup","<font color='#007700'>".$user->getData('name')."</font>",$message); $message = str_replace("/ybday","<font color='#007700'>".$user->getData('bday').".".$user->getData('bmonth').".".$user->getData('byear')."</font>",$message); //autoparsing urls in post if($_POST['parseurls'] == 1){ $message = parse_urls($message); } ! //parsing emoticons in post ! $grabemoticons = $SQL->query("SELECT `id`,`emoticon`,`image` FROM `".$database['prefix']."emoticons`"); ! while($grab = $SQL->fetch_array($grabemoticons)){ ! $emoticons[$grab['id']] = $grab['emoticon']; ! 
$emoticonimages[$grab['id']] = "<img src=\"$config[emoticonpath]$grab[image]\" alt=\"$grab[emoticon]\" />"; ! } ! if($_POST['disableemoticons'] == 0){ ! $message = str_replace($emoticons, $emoticonimages, $message); ! } //setting the actual preview if(($post['title'] != "") || ($_POST['icon'] != "")){ --- 62,79 ---- $message = parse_bbcode($message); //parsing backslash replacments ! $message = str_replace("/me","<font color='#DD0000'>".$user->getData('username')."</font>",$message); ! $message = str_replace("/maim","<font color='#DD0000'>".$user->getData('aim')."</font>",$message); ! $message = str_replace("/mmsn","<font color='#DD0000'>".$user->getData('msn')."</font>",$message); ! $message = str_replace("/micq","<font color='#DD0000'>".$user->getData('icq')."</font>",$message); ! $message = str_replace("/myim","<font color='#DD0000'>".$user->getData('yim')."</font>",$message); $message = str_replace("/you","<font color='#007700'>".$user->getData('username')."</font>",$message); $message = str_replace("/ygroup","<font color='#007700'>".$user->getData('name')."</font>",$message); $message = str_replace("/ybday","<font color='#007700'>".$user->getData('bday').".".$user->getData('bmonth').".".$user->getData('byear')."</font>",$message); + //autoparsing urls in post if($_POST['parseurls'] == 1){ $message = parse_urls($message); } ! //setting the actual preview if(($post['title'] != "") || ($_POST['icon'] != "")){ *************** *** 79,90 **** $preview = $message; } ! $preview = stripslashes($preview); eval("\$post['preview'] = \"".$template->templates['34']."\";"); $post['preview'] = stripslashes($post['preview']); //prepping everything to go back to the form $a = "postform"; ! $post['titlevalue'] = $_POST['title']; ! $post['messagevalue'] = stripslashes($_POST['message']); ! $post['descriptionvalue'] = $_POST['description']; $preview = 1; } --- 85,96 ---- $preview = $message; } ! 
eval("\$post['preview'] = \"".$template->templates['34']."\";"); $post['preview'] = stripslashes($post['preview']); //prepping everything to go back to the form $a = "postform"; ! $post['titlevalue'] = addslashes($_POST['title']); ! $post['messagevalue'] = addslashes($_POST['message']); ! $post['descriptionvalue'] = addslashes($_POST['description']); $preview = 1; } *************** *** 233,237 **** $prevpost['message'] = parse_emoticons($prevpost['message'], $emoticons, $emoticonimages, $config['emoticonsperpost']); } ! $prevpost['message'] = stripslashes($prevpost['message']); $prevpost['message'] = parse_breaks($prevpost['message']); $prevpost['message'] = parse_bbcode($prevpost['message']); --- 239,243 ---- $prevpost['message'] = parse_emoticons($prevpost['message'], $emoticons, $emoticonimages, $config['emoticonsperpost']); } ! $prevpost['message'] = addslashes(addslashes(addslashes($prevpost['message']))); $prevpost['message'] = parse_breaks($prevpost['message']); $prevpost['message'] = parse_bbcode($prevpost['message']); *************** *** 245,248 **** --- 251,255 ---- eval("\$prevposts = \"".addslashes($prevposts)."\";"); eval("\$post[history] = \"".$template->templates['46']."\";"); + $post['history'] = stripslashes($post['history']); } $post['maxfilesize'] = filesize_format($config['uploadbytes']); Index: read.php =================================================================== RCS file: /cvsroot/bboard/birdboard/read.php,v retrieving revision 1.16 retrieving revision 1.17 diff -C2 -d -r1.16 -r1.17 *** read.php 29 Jun 2005 18:51:16 -0000 1.16 --- read.php 6 Jul 2005 18:32:13 -0000 1.17 *************** *** 310,314 **** $post['pm'] = "<a href=\"usercp.php?a=outbox&postid=".$post['id']."\"><img src=\"".$template->getVar('imagepath')."/".$template->getVar('pmbutton')."\" border=\"0\"></a>"; if(($post['title'] != "") || ($post['posticon'] != "")){ ! 
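Review bot: The values sent back to the post form in the post.php hunk at new lines 85-96, `$post['titlevalue']`, `$post['messagevalue']` and `$post['descriptionvalue']`, are now wrapped in `addslashes()`, which prepares them for the template eval but is not an HTML encoder. Unless prepValue() already encodes `<`, `>` and quotes (its body is not shown), a quote in the title can presumably end the form attribute it is printed into. Encode for the output context instead, e.g. `$post['titlevalue'] = htmlspecialchars($_POST['title'], ENT_QUOTES);`, and add a comment saying which slash layer the eval of template 34 removes. mod.php's `$messagenew` and `$descriptionnew` in its preview hunk follow the same pattern.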
$post['title'] = stripslashes($post['title']); if($post['posticon'] != ""){ $post['icon'] = "<img src=\"$config[posticonpath]".$post['posticon']."\" alt=\"\" />"; --- 310,314 ---- $post['pm'] = "<a href=\"usercp.php?a=outbox&postid=".$post['id']."\"><img src=\"".$template->getVar('imagepath')."/".$template->getVar('pmbutton')."\" border=\"0\"></a>"; if(($post['title'] != "") || ($post['posticon'] != "")){ ! $post['title'] = addslashes(addslashes(addslashes($post['title']))); if($post['posticon'] != ""){ $post['icon'] = "<img src=\"$config[posticonpath]".$post['posticon']."\" alt=\"\" />"; *************** *** 337,341 **** } //prepping message for output ! $post['message'] = stripslashes($post['message']); //censoring words if($user->getData('censor') == 1){ --- 337,342 ---- } //prepping message for output ! $post['message'] = addslashes(addslashes(addslashes($post['message']))); ! //censoring words if($user->getData('censor') == 1){ *************** *** 348,352 **** //calling the function to parse bbcode $post['message'] = parse_breaks($post['message']); ! $post['message'] = parse_bbcode($post['message']); //parsing slash replacements $post['message'] = str_replace("/me","<font color='#DD0000'>".$post['username']."</font>",$post['message']); $post['message'] = str_replace("/maim","<font color='#DD0000'>".$post['aim']."</font>",$post['message']); --- 349,355 ---- //calling the function to parse bbcode $post['message'] = parse_breaks($post['message']); ! $post['message'] = parse_bbcode($post['message']); ! ! 
//parsing slash replacements $post['message'] = str_replace("/me","<font color='#DD0000'>".$post['username']."</font>",$post['message']); $post['message'] = str_replace("/maim","<font color='#DD0000'>".$post['aim']."</font>",$post['message']); *************** *** 370,373 **** --- 373,377 ---- //setting/unsetting signature per user settings if(($user->getData('viewsiggies') == 1) && ($post['disablesiggy'] == 0) && ($post['signature'] != "")){ + $post['signature'] = addslashes(addslashes(addslashes($post['signature']))); if($user->getData('censor') == 1){ $post['signature'] = censor($post['signature']); *************** *** 383,387 **** $post = $template->releaseCache(); eval("\$posts = \"$posts\";"); ! $posts = stripslashes($posts); //# Topic options menu --- 387,391 ---- $post = $template->releaseCache(); eval("\$posts = \"$posts\";"); ! $posts = stripslashes(stripslashes($posts)); //# Topic options menu |